TRIALS & TRIBULATIONS OF WAF
MARK HILLICK - @MARKOFU
Thursday 20 May 2010

awk -F: '/root/ {print $5}' /etc/passwd

Mark Hillick

PHASES

Introduction
Starting Out
Design
Test
Implementation
Post-Implementation

INTRODUCTION - WHAT IS A WAF?

INTRODUCTION - WAF TODAY?

WAF Marketplace
  Maturing
  Compliance
  Boo

INTRODUCTION - WAF TODAY?

"WAF deployments were initially propelled by PCI ......... but are now increasingly driven by security best practices."
Source: Forrester 2010

INTRODUCTION - NUMBERS

$200 million
20%

INTRODUCTION - VENDORS

Software/Hardware
Commercial/Open Source

INTRODUCTION - EH???? WHAT????

XSS
XSRF
SQL Injection
APT
Zero Day
Click Jacking
Cookie/Session Hijacking

INTRODUCTION - COMPETITORS

IDS
IPS
Proxy
Reverse Proxy
Network FW
Secure Code

INTRODUCTION - PRE-SALES

Know your subject
Question, Ask, Query, Demand
Plan, Test, Plan, Test

STARTING OUT - GOAL

STARTING OUT - RESEARCH

Research -> knowledge & understanding

STARTING OUT - STATISTICS

"6.5 times more expensive to fix a flaw in development than during design, 15 times more in testing, and 100 times more in development."
Source: http://2010survey.whitehatimperva.com/

STARTING OUT - INTERNAL SELL (1)

Technical issues in business language (e.g. just-in-time patching)
and a bit of

STARTING OUT - INTERNAL SELL (2)

Know your costs
Advantages over cheaper alternatives!

STARTING OUT - INTERNAL SELL (4)

"There is a disconnect between the acknowledgement of security issues and the willingness to fix them."
Source: The HP Security Laboratory Blog

STARTING OUT - INTERNAL SELL (4)

Do not oversell
WAF != unhackable

STARTING OUT - PLAN (1)

I love it when......
Copyright © NBC

STARTING OUT - PLAN (2)

WANTED!!!!
Owner/Champion/Lover

STARTING OUT - PLAN (3)

STARTING OUT - PLAN (4)

UAT & SDLC
Configuration - Delegation?
Alerting
Incident Response Plan
Logging & Analysis
Reporting

TEST - TEST

SOURCE: http://www.flickr.com/photos/kodomut/

TEST - SDLC

How does it change?
When?
Who?

TEST - OPERATIONAL

Not what you want, is it?

TEST - FUNCTIONAL

Functional
  Generic
  Specific
SOURCE: http://www.flickr.com/photos/54724780@N00/

TEST - STRESS

STRESS == LEARNING
SOURCE: http://www.flickr.com/photos/54724780@N00/

TEST - THE FUN ‘BIT’

Does it work.......
SOURCE: http://nmap.org/movies.html
Copyright © Warner Bros.

TEST - POLICY

Administration Policy
  Who has access?
  Delegation?
Change Management - different?
Incident Response Plan?
  What is an Incident?

IMPLEMENTATION - PLAN

Plan B?
Copyright © Fox

IMPLEMENTATION - ALMOST

Almost there, don’t cut corners!
COMPLETE TESTING FULLY!!!!!

IMPLEMENTATION - SET-UP

+ve Security Model
Transparent
Informational Logging
Generic versus Specific
Analysis
Reporting

IMPLEMENTATION - READ

Check your logs!!!

IMPLEMENTATION - HACK

External Testing

IMPLEMENTATION

Transparent -> Blocking
Generic -> Specific

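An added illustration of what the set-up and roll-out slides describe (a positive security model run first in transparent mode, then switched to blocking, with a generic fallback rule beside endpoint-specific ones). This is example code written for this page, not code from the talk; the endpoint names, rules and sample requests are constructed.

```python
"""Positive (allow-list) security model with a transparent-to-blocking roll-out.

Each endpoint declares the parameters it expects and the shape each must have;
anything else is a violation. In "transparent" mode violations are only logged,
so the policy can be tuned against real traffic before it is enforced; in
"blocking" mode a request with any violation is rejected. Endpoints with no
specific policy yet fall back to a conservative generic rule.
"""
import re
from dataclasses import dataclass, field

# Generic rule: applied to every parameter of an endpoint with no specific policy.
GENERIC_VALUE = re.compile(r"^[\w .,@-]{0,64}$")

# Specific rules (constructed): per-endpoint allow-list of parameter -> pattern.
SPECIFIC_POLICY = {
    "/login": {
        "user": re.compile(r"^[a-z][a-z0-9_]{2,31}$"),
        "pass": re.compile(r"^.{8,128}$"),
    },
    "/search": {
        "q": re.compile(r"^[\w ]{1,100}$"),
        "page": re.compile(r"^[1-9]\d{0,3}$"),
    },
}


@dataclass
class Decision:
    allowed: bool
    violations: list = field(default_factory=list)


def evaluate(path, params, mode="transparent", log=None):
    """Check one request (path + dict of parameters) against the policy.

    mode: "transparent" records violations and lets the request through;
          "blocking" rejects any request that has a violation.
    If log is a list, one line per violation is appended to it.
    """
    if mode not in ("transparent", "blocking"):
        raise ValueError("mode must be 'transparent' or 'blocking'")
    rules = SPECIFIC_POLICY.get(path)
    violations = []
    for name, value in params.items():
        if rules is None:
            # No specific policy for this endpoint: generic rule only.
            if not GENERIC_VALUE.match(value):
                violations.append(f"{path}: generic rule rejected {name!r}")
        elif name not in rules:
            # Positive model: a parameter the endpoint never declared is a
            # violation, not something to ignore.
            violations.append(f"{path}: unexpected parameter {name!r}")
        elif not rules[name].match(value):
            violations.append(f"{path}: {name!r} failed specific rule")
    if log is not None:
        for v in violations:
            log.append(f"[{mode}] {v}")
    # Transparent mode never blocks; it only shows what blocking would do.
    return Decision(allowed=(mode == "transparent" or not violations),
                    violations=violations)


# Constructed sample traffic: two clean requests, two with bad values, one
# unknown parameter, and an endpoint covered only by the generic rule.
SAMPLE_REQUESTS = [
    ("/login", {"user": "alice", "pass": "correcthorsebattery"}),
    ("/login", {"user": "alice", "pass": "x", "debug": "1"}),
    ("/search", {"q": "waf tuning", "page": "2"}),
    ("/search", {"q": "waf' OR 1=1 --", "page": "2"}),
    ("/health", {"verbose": "yes"}),
    ("/health", {"verbose": "<script>"}),
]


def dry_run(requests, mode):
    """Run a batch through the policy; return (blocked count, log lines).

    Run it in transparent mode first: the log tells you which rules would
    block legitimate traffic before you flip the same policy to blocking.
    """
    log = []
    blocked = 0
    for path, params in requests:
        if not evaluate(path, params, mode, log).allowed:
            blocked += 1
    return blocked, log


if __name__ == "__main__":
    for mode in ("transparent", "blocking"):
        blocked, log = dry_run(SAMPLE_REQUESTS, mode)
        print(f"{mode}: {blocked} blocked, {len(log)} violations logged")
        for line in log:
            print("  " + line)
```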
POST-IMPLEMENTATION - WAF

Your infrastructure has changed!!
Patching, Policy Changes, Application Upgrades

POST-IMP - STILL, OH YES?

SDLC
Network Firewall & ACLs
Code Analysis
Penetration & Vulnerability Testing
Incident Response Plan???? -> Incident? What?

POST-IMP - TICK TOCK, NO MORE!!

POST-IMP - USE IT!

NO!!!!!!

POST-IMPLEMENTATION - STILL?

As someone-else once said!!

RESOURCES

SANS Reading Room (Scareware via Web App exploit)
SANS, Owasp, WebAppSec
Web 2.0 -> Blogs, Twitter
Vendor Sites

CONCLUSION - WAF

Extra layer of defence but also admin
Can be an excellent and effective solution
Is it what I need?
Only a part of defence-in-depth!!!!